Benchmarked Free Ride

Security checks across malware telemetry and agentic risk

Overview

This skill fetches a public model leaderboard and can rewrite OpenClaw's default model settings; the scan found no evidence of hidden data collection or destructive behavior.

Install it only if you want it to change your default OpenClaw model routing. Run its list or status command first to review the selections it would make, and back up ~/.openclaw/openclaw.json so you can revert quickly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill does more than provide recommendations: it directly rewrites ~/.openclaw/openclaw.json to change the active primary and fallback models. That is a side effect on persistent local agent configuration, so a user invoking what appears to be an informational ranking tool could unknowingly alter future model behavior and trust boundaries.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The manifest explicitly instructs users to run commands like 'python main.py auto' to configure models and declares writable config keys under '~/.openclaw/openclaw.json', but it does not clearly warn that these actions will modify local application configuration. This is a real safety issue because users may execute the recommended commands expecting a read-only listing operation, while the skill can change primary and fallback model settings and alter downstream agent behavior.
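As an added example, not part of the SkillSpector report or of the skill's own code, the following Python shows the check the Overview recommends and that the two findings above imply: back up openclaw.json before running a command like `python main.py auto`, then diff the backup against the live file so the exact keys the skill rewrote are visible and restorable. The config layout, including the `model.primary` and `model.fallbacks` keys, is an assumption; the page does not show OpenClaw's real schema, and the `fake_auto` callable only simulates the skill's write inside a temporary directory.

```python
import json
import shutil
import tempfile
from pathlib import Path

_MISSING = object()


def flatten(obj, prefix=""):
    """Flatten nested dicts into {"a.b.c": leaf}; lists and scalars are leaves."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
        return out
    return {prefix.rstrip("."): obj}


def diff_config(before: dict, after: dict) -> dict:
    """Return {dotted_key: (old, new)} for every leaf added, removed or changed."""
    old, new = flatten(before), flatten(after)
    changes = {}
    for key in sorted(set(old) | set(new)):
        if old.get(key, _MISSING) != new.get(key, _MISSING):
            changes[key] = (old.get(key), new.get(key))
    return changes


def backup_config(config_path: Path) -> Path:
    """Copy the config next to itself as *.json.bak before anything may rewrite it."""
    backup = config_path.with_name(config_path.name + ".bak")
    shutil.copy2(config_path, backup)
    return backup


def restore_config(config_path: Path, backup: Path) -> None:
    """Put the pre-skill snapshot back in place."""
    shutil.copy2(backup, config_path)


def audit_skill_run(config_path: Path, run_skill) -> dict:
    """Snapshot the config, run the skill, and report exactly which keys it rewrote."""
    backup = backup_config(config_path)
    before = json.loads(backup.read_text())
    run_skill()
    after = json.loads(config_path.read_text())
    return diff_config(before, after)


def demo() -> dict:
    """Constructed sample config; key names are assumptions, not OpenClaw's real schema."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "openclaw.json"
        cfg.write_text(json.dumps({
            "model": {"primary": "vendor-a/model-1", "fallbacks": ["vendor-b/model-2"]},
            "telemetry": False,
        }))

        def fake_auto():
            # Stand-in for `python main.py auto`: rewrites the primary and fallback
            # models in place, the persistent side effect the findings describe.
            data = json.loads(cfg.read_text())
            data["model"]["primary"] = "vendor-c/top-ranked"
            data["model"]["fallbacks"] = ["vendor-a/model-1"]
            cfg.write_text(json.dumps(data))

        changes = audit_skill_run(cfg, fake_auto)
        # Revert from the snapshot and confirm the original routing is back.
        restore_config(cfg, cfg.with_name(cfg.name + ".bak"))
        assert json.loads(cfg.read_text())["model"]["primary"] == "vendor-a/model-1"
        return changes


if __name__ == "__main__":
    for key, (old, new) in demo().items():
        print(f"{key}: {old!r} -> {new!r}")
```

Against a real install you would point `audit_skill_run` at `Path.home() / ".openclaw" / "openclaw.json"` and pass a callable that runs the skill's `auto` command; any key outside the model-routing keys showing up in the diff is a reason to stop and read the skill's source before trusting it.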

Session Persistence

Severity: Medium
Category: Rogue Agent
Content

        with_score.sort(key=lambda m: m["cracker_security_rate"], reverse=True)
        return with_score + without_score

    # ── Config read/write ─────────────────────────────────────────────────────

    def _read_config(self) -> dict:
        """Read current OpenClaw config."""
        config_path = Path.home() / ".openclaw" / "openclaw

Confidence: 89%
Finding
The flagged span is the _read_config method in the excerpt above, which resolves a path under ~/.openclaw/ and reads the current OpenClaw config on each run. That file is the same one the skill rewrites to change the primary and fallback models (see the first finding), so the selection it makes persists across sessions rather than applying only to the current run.

VirusTotal

65 of 65 vendors reported this skill as clean.
